DETAILED ACTION

1. This action is in response to the amendment filed on 07/28/2008.

2. Claims 1, 3, 5-7, 23-24 and 27-29 have been amended.

3. Claims 2, 4 and 25 have been canceled.

4. Claims 1, 3, 5-24 and 26-38 are pending for consideration.



Continued Examination Under 37 CFR 1.114 



5. A request for continued examination under 37 CFR 1.114, including the fee set
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this
application is eligible for continued examination under 37 CFR 1.114, and the fee set
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
07/28/2008 has been entered. 

Response to Arguments 

6. Applicant's arguments with respect to claims 1, 3, 5-24 and 26-38 have been
considered but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 



(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 1, 3, 7, 11, 13-14, 18, 22-23, 29-34 and 36 are rejected under 35
U.S.C. 103(a) as being unpatentable over Leoutsarakos (US 2004/0039905) 
(hereinafter Leo) in view of Smith et al. (US 6233685) (hereinafter Smith). 

Regarding claim 1, Leo discloses a distributed authentication infrastructure 
including a plurality of nodes in communication with each other, each of said plurality of 
nodes having an identification and intended to perform a series of functions, one of said 
series of functions for verifying said identification of said plurality of nodes (Leo: see 
figures 1, figure 7 (e.g., client unit 1 and corporate server are two distributed nodes) and
paragraph 0074); and a centralized authentication infrastructure integrated into said 
distributed authentication infrastructure and including a central server, said central 
server being coupled to said plurality of nodes and being utilized for verifying said 
identification of said plurality of nodes, wherein said central server can be utilized for 
supporting or replacing at least one of said plurality of nodes (Leo: see Abstract section 
and paragraphs 0011, 0051 (a central management unit manages a plurality of client
units, a corporate server and a secure bridging unit)); wherein said distributed 
authentication infrastructure is initially implemented and said centralized authentication 
infrastructure is later integrated into said distributed authenticated infrastructure (Leo: 
see figure 1 (a central management server controls the communications among a 
plurality of clients, corporate server and secure bridging unit)); wherein said distributed 
authentication infrastructure is selected from the group consisting of a threshold 
cryptography service model and a web-of-trust service model (Leo: paragraphs 0057, 
0061, 0064, 0072, 0085, 0096, 0108 and 0110); wherein said centralized authentication
system is selected from the group consisting of a public key infrastructure and a 
Kerberos service model (Leo: paragraphs 0035 and 0057); wherein said plurality of 
nodes include at least one of a personal digital assistant, a digital pager, a digital fax 
machine, a video teleconferencing device, a wireless telephone, a portable computer, a 
desktop computer, and a communication device (Leo: paragraphs 0029 and 0034), 
wherein said plurality of nodes includes a verifying node coupled to a new entity for 
verifying the identification of said new entity and enrolling said new entity into the hybrid 
authentication system (Leo: paragraphs 0122-0123 and 0128). 

Leo does not explicitly disclose wherein said verifying node signs a certificate 
related to said new entity. However, Smith discloses verifying node signs a certificate 
related to said new entity (Smith: column 10 lines 37-53). Therefore, it would have been 
obvious to a person skilled in the art at the time the invention was made to have included in
Leo the feature of Smith as discussed above because by verifying the correct signing 
and formation of these certificates, and by verifying that these certificates attest to the 
public key the device allegedly owned (Smith: column 4 lines 5-8). 

Regarding claim 3, Leo further discloses wherein said new entity provides said 
verifying node with at least one predetermined credential (Leo: paragraph 0122). 

Regarding claims 7 and 11, Leo further discloses wherein said central server is
said new entity (Leo: see figure 1 item 16). 

Regarding claim 13, Leo further discloses wherein said central server is coupled 
to said plurality of nodes for at least one of issuing a global directive thereto and 
bolstering said plurality of nodes by assisting with at least one of an enrollment task, an
authentication task, and a permission granting task (Leo: see figure 1 item 16 and 
paragraphs 0013, 0051, 0120 and 0122). 

Regarding claims 14 and 31, Leo further discloses wherein said global directive
includes at least one of a rekey instruction and a critical trust chain path, said rekey 
instruction and said critical trust chain path for providing a secured data transfer line 
(Leo: paragraphs 0011 and 0118 (e.g., re-generate all session keys and secure bridging
unit)). 

Regarding claims 18 and 22, Leo further discloses wherein said second node is 
coupled to a trusted third party node from said plurality of nodes, said second node 
producing an authentication task signed by said first node and sending said 
authentication task to said trusted third party node, said trusted third party node 
verifying said identification of said first node (Leo: see figure 1 and Abstract section). 

Regarding claim 23, this claim has limitations that are similar to those of claim 1,
thus it is rejected with the same rationale applied against claim 1 above. 

Regarding claim 29, this claim has limitations that are similar to those of claim 1,
thus it is rejected with the same rationale applied against claim 1 above. 

Regarding claim 30, Leo further discloses wherein said central server is coupled 
to said plurality of nodes for at least one of issuing a global directive thereto and 
supporting said plurality of nodes by assisting with at least one of an enrollment task, an 
authentication task, and a permission granting task (Leo: see figure 1, Abstract section
and paragraphs 0013 and 0120-0122). 

Regarding claim 32, this claim has limitations that are similar to those of claim 1,
thus it is rejected with the same rationale applied against claim 1 above. 

Regarding claim 33, Leo further discloses wherein migrating comprises coupling 
a central server to said plurality of nodes (Leo: see figure 1).

Regarding claim 34, Leo further discloses coupling said central server to a 
verifying node of said plurality of nodes; sending at least one predetermined credential 
from said central server to said verifying node; enrolling said central server into the 
hybrid authentication system (Leo: see figure 1 and paragraphs 0013 and 0122). 

Regarding claim 36, Leo further discloses wherein said plurality of nodes 
includes a verifying node coupled to a new entity for verifying the identification of said 
new entity and enrolling said new entity into the hybrid authentication system (Leo: 
paragraph 0122). 

9. Claims 8 and 38 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Leo in view of Smith, and further in view of Dinker (US 20040254984) (hereinafter 
Dinker). 

Regarding claim 8, Leo in view of Smith does not disclose wherein said 
distributed authentication infrastructure requires a quorum of said plurality of nodes for 
enrolling a new entity into the hybrid authentication system. However, Dinker discloses 
the quorum of said plurality of nodes for enrolling a new entity (Dinker: see figure 3 and 
paragraph 0010). Therefore, it would have been obvious to one of ordinary skill in the art
to apply the teaching of the quorum method of Dinker into the system of Leo in view of 
Smith to enhance security because the pre-selected nodes have to vote and agree with
each other in order for the new entity to get enrolled into the system.

Regarding claim 38, this claim has limitations that are similar to those of claim 8,
thus it is rejected with the same rationale applied against claim 8 above. 

10. Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Leo in
view of Smith, and further in view of Prabandham et al. (US 6701438) (hereinafter
Prabandham).

Regarding claim 12, Leo in view of Smith does not disclose in detail wherein
said central server is coupled to a new entity and is utilized for verifying the identification 
of said new entity and enrolling said new entity into the hybrid authentication system, 
said central server producing a log for recording a plurality of failed authentications and 
a plurality of failed enrollments by said plurality of nodes. However, Prabandham 
discloses logging all failed authentications and/or failed authorizations by logging 
module (Prabandham: see figure 2 and column 3 line 65 through column 4 line 1). 
Therefore, it would have been obvious to one of ordinary skill in the art to apply the
teaching of logging all failed authentications and/or authorization of Prabandham into
the system of Leo in view of Smith because logging module provides the selected
logging protocols such that those received requests that do not originate from the
verified source or do not have appropriate permission are recorded by the logging 
module (Prabandham: column 2 lines 49-52). 

11. Claims 5-6, 15-17, 19-21, 24, 26-28, 35 and 37 are rejected under 35
U.S.C. 103(a) as being unpatentable over Leo in view of Smith, and further in view of
Benantar (US 2003/0130947) (hereinafter Ben). 

Regarding claim 24, Leo discloses a hybrid authentication system, comprising: a 
distributed authentication infrastructure based on a web-of-trust service model and 
including a plurality of nodes in communication with each other, each of said plurality of 
nodes having an identification and intended to perform a series of functions, one of said 
series of functions for verifying said identification of said plurality of nodes (Leo: see 
figures 1, figure 7 (e.g., client unit 1 and corporate server are two distributed nodes) and
paragraph 0074); and a centralized authentication infrastructure based on a public key 
infrastructure and integrated into said distributed authentication infrastructure, said 
centralized authentication infrastructure including a certificate authority coupled to said 
plurality of nodes and utilized for verifying said identification of said plurality of nodes 
(Leo: see Abstract section and paragraphs 0011, 0051 (a central management unit
manages a plurality of client units, a corporate server and a secure bridging unit)); 
wherein said distributed authentication infrastructure is initially implemented and said 
centralized authentication infrastructure is later integrated into said distributed 
authenticated infrastructure (Leo: see figure 1 (a central management server controls 
the communications among a plurality of clients, corporate server and secure bridging 
unit)). Leo does not explicitly disclose wherein said plurality of nodes is a plurality of 
members including a first member and a second member, said certificate authority 
issuing a first group certificate to said first member that provides said first member with 
a first permission level, said certificate authority issuing a second group certificate to
said second member that provides said second member with a second permission level. 

However, Ben discloses wherein said plurality of nodes is a plurality of members 
including a first member and a second member, said certificate authority issuing a first 
group certificate to said first member that provides said first member with a first 
permission level, said certificate authority issuing a second group certificate to said 
second member that provides said second member with a second permission level 
(Ben: see Abstract section). Therefore, it would have been obvious to one of ordinary skill
in the art to apply the teaching of using a certificate with permission level of Ben into the
method of Leo in view of Smith to have a method and system that simplifies the
administrative processing associated with the trust paths that are required for valid use 
of digital certificates (Ben: paragraph [0011]). 

Regarding claims 5, 17 and 20, Leo in view of Smith does not explicitly disclose
wherein said central server publishes a certificate revocation list, said verifying node 
examining said certificate revocation list for determining whether said certificate has 
been revoked. Ben discloses wherein said central server publishes a certificate 
revocation list, said verifying node examining said certificate revocation list for 
determining whether said certificate has been revoked (Ben: paragraphs [0043, 0047 
and 0057]). Therefore, it would have been obvious to one of ordinary skill in the art to
apply the teaching of the certificate revocation list of Ben into the method of Leo in view 
of Smith to have a method and system that simplifies the administrative processing 
associated with the trust paths that are required for valid use of digital certificates (Ben:
paragraph [0011]).

Regarding claims 6, 16 and 21, Leo in view of Smith does not explicitly disclose
wherein a quorum of said plurality of nodes publishes a certificate revocation list, said 
verifying node examining said certificate revocation list for determining whether said 
certificate has been revoked. Ben discloses wherein a quorum of said plurality of nodes 
publishes a certificate revocation list, said verifying node examining said certificate 
revocation list for determining whether said certificate has been revoked (Ben: 
paragraphs [0043, 0047 and 0057]). Therefore, it would have been obvious to one of
ordinary skill in the art to apply the teaching of the certificate revocation list of Ben into
the method of Leo in view of Smith to have a method and system that simplifies the 
administrative processing associated with the trust paths that are required for valid use 
of digital certificates (Ben: paragraph [0011]). 

Regarding claims 15 and 19, Leo in view of Smith does not explicitly disclose
wherein said plurality of nodes includes a first node and a second node coupled to said 
first node, said first node presenting a first certificate to said second node for 
authenticating said first node. Ben discloses wherein said plurality of nodes includes a 
first node and a second node coupled to said first node, said first node presenting a first 
certificate to said second node for authenticating said first node (Ben: paragraphs [0008 
and 0045]). Therefore, it would have been obvious to one of ordinary skill in the art to
apply the teaching of using a certificate of Ben into the method of Leo in view of Smith 
to have a method and system that simplifies the administrative processing associated 
with the trust paths that are required for valid use of digital certificates (Ben: paragraph
[0011]). 

Regarding claims 26-27, Leo in view of Smith does not explicitly disclose wherein
said plurality of nodes is a plurality of members including a first member and a second 
member, said certificate authority issuing a first group certificate to said first member 
that provides said first member with a first permission level, said certificate authority 
issuing a second group certificate to said second member that provides said second 
member with a second permission level. However, Ben discloses wherein said plurality 
of nodes is a plurality of members including a first member and a second member, said 
certificate authority issuing a first group certificate to said first member that provides 
said first member with a first permission level, said certificate authority issuing a second 
group certificate to said second member that provides said second member with a 
second permission level (Ben: see Abstract section). Therefore, it would have been 
obvious to one of ordinary skill in the art to apply the teaching of using a certificate with
permission level of Ben into the method of Leo in view of Smith to have a method and 
system that simplifies the administrative processing associated with the trust paths that 
are required for valid use of digital certificates (Ben: paragraph [0011]).

Regarding claim 28, this claim has limitations that are similar to those of claims 
25-27, thus it is rejected with the same rationale applied against claims 25-27 above. 

Regarding claims 35 and 37, Leo in view of Smith does not explicitly disclose
coupling said central server to a verifying node of said plurality of nodes; sending a 
certificate revocation list from said central server to said verifying node; enrolling said 
central server into the hybrid authentication system. Ben discloses coupling said central
server to a verifying node of said plurality of nodes; sending a certificate revocation list 
from said central server to said verifying node; enrolling said central server into the 
hybrid authentication system (Ben: see Abstract section and paragraph [0043]). 
Therefore, it would have been obvious to one of ordinary skill in the art to apply the
teaching of Ben into the method of Leo in view of Smith to have a method and system 
that simplifies the administrative processing associated with the trust paths that are 
required for valid use of digital certificates (Ben: paragraph [0011]).

12. Claims 9-10 are rejected under 35 U.S.C. 103(a) as being unpatentable over Leo
in view of Smith in view of Dinker, and further in view of Ben. 

Regarding claim 9, Leo in view of Smith in view of Dinker does not explicitly
disclose wherein each node of said quorum utilizes a partial key for partially signing a 
certificate related to said new entity so as to provide said new entity with a full signature. 
Ben discloses wherein each node of said quorum utilizes a partial key for partially 
signing a certificate related to said new entity so as to provide said new entity with a full 
signature (Ben: paragraphs [0008 and 0037]). Therefore, it would have been obvious to 
one of ordinary skill in the art to apply the teaching of signing a certificate of Ben into the
method of Leo in view of Smith in view of Dinker to have a method and system that 
simplifies the administrative processing associated with the trust paths that are required 
for valid use of digital certificates (Ben: paragraph [0011]). 

Regarding claim 10, this claim has limitations that are similar to those of claims 6,
16 and 21, thus it is rejected with the same rationale applied against claims 6, 16 and 
21 above. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to TRANG DOAN whose telephone number is (571)272-0740.
The examiner can normally be reached on Monday-Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 